feat: Allow to opt out from trusted profile creation #361

Open
wants to merge 3 commits into
base: main
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -207,6 +207,7 @@ No resources.
| <a name="input_cluster_ready_when"></a> [cluster\_ready\_when](#input\_cluster\_ready\_when) | The cluster is ready when one of the following: MasterNodeReady (not recommended), OneWorkerNodeReady, Normal, IngressReady | `string` | `"IngressReady"` | no |
| <a name="input_cluster_tags"></a> [cluster\_tags](#input\_cluster\_tags) | List of metadata labels to add to cluster. | `list(string)` | `[]` | no |
| <a name="input_cos_name"></a> [cos\_name](#input\_cos\_name) | Name of the COS instance to provision for OpenShift internal registry storage. New instance only provisioned if 'enable\_registry\_storage' is true and 'use\_existing\_cos' is false. Default: '<cluster\_name>\_cos' | `string` | `null` | no |
| <a name="input_create_log_agent_trusted_profile"></a> [create\_log\_agent\_trusted\_profile](#input\_create\_log\_agent\_trusted\_profile) | Set to false to opt out of creating a trusted profile. | `bool` | `true` | no |
| <a name="input_custom_security_group_ids"></a> [custom\_security\_group\_ids](#input\_custom\_security\_group\_ids) | Up to 4 additional security groups to add to all worker nodes. If `use_ibm_managed_security_group` is set to `true`, these security groups are in addition to the IBM-maintained security group. If additional groups are added, the default VPC security group is not assigned to the worker nodes. | `list(string)` | `null` | no |
| <a name="input_disable_outbound_traffic_protection"></a> [disable\_outbound\_traffic\_protection](#input\_disable\_outbound\_traffic\_protection) | Whether to allow public outbound access from the cluster workers. This is only applicable for Red Hat OpenShift 4.15. | `bool` | `false` | no |
| <a name="input_disable_public_endpoint"></a> [disable\_public\_endpoint](#input\_disable\_public\_endpoint) | Whether access to the public service endpoint is disabled when the cluster is created. Does not affect existing clusters. You can't disable a public endpoint on an existing cluster, so you can't convert a public cluster to a private cluster. To change a public endpoint to private, create another cluster with this input set to `true`. | `bool` | `false` | no |
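Review bot: The description on the new `create_log_agent_trusted_profile` row, "Set to false to opt out of creating a trusted profile.", does not say which trusted profile is meant or when the input has any effect. From the main.tf change it only matters when `logs_agent_enabled` is true and `logs_agent_iam_mode` is "TrustedProfile", so the description should state that, and say what the logs agent uses for identity once the caller opts out.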
4 changes: 2 additions & 2 deletions main.tf
Expand Up @@ -67,7 +67,7 @@ locals {


module "trusted_profile" {
count = (var.logs_agent_enabled && var.logs_agent_iam_mode == "TrustedProfile") ? 1 : 0
Member

Need to add the same logic to line number 110.

count = (var.create_log_agent_trusted_profile && var.logs_agent_enabled && var.logs_agent_iam_mode == "TrustedProfile") ? 1 : 0
source = "terraform-ibm-modules/trusted-profile/ibm"
version = "1.0.4"
trusted_profile_name = "${var.cluster_name}-trusted-profile"
Expand Down Expand Up @@ -107,7 +107,7 @@ module "observability_agents" {
logs_agent_enabled = var.logs_agent_enabled
logs_agent_name = var.logs_agent_name
logs_agent_namespace = var.logs_agent_namespace
logs_agent_trusted_profile = var.logs_agent_iam_mode == "TrustedProfile" ? module.trusted_profile[0].trusted_profile.id : null
logs_agent_trusted_profile = var.create_log_agent_trusted_profile && var.logs_agent_enabled && var.logs_agent_iam_mode == "TrustedProfile" ? module.trusted_profile[0].trusted_profile.id : null
logs_agent_iam_api_key = var.logs_agent_iam_api_key
logs_agent_tolerations = var.logs_agent_tolerations
logs_agent_additional_log_source_paths = var.logs_agent_additional_log_source_paths
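Review bot: With `create_log_agent_trusted_profile = false` and `logs_agent_iam_mode == "TrustedProfile"`, the new `logs_agent_trusted_profile` expression falls through to `null`, so the agent is configured for trusted-profile authentication with no profile ID, and nothing in this diff adds an input for supplying an existing one. Either accept an existing profile ID (a new input would be needed) and pass it here when creation is opted out, or add a validation that rejects this combination. The three-part condition is also now repeated from the `count` on `module "trusted_profile"`; moving it into a single local would keep the `[0]` index and the `count` from drifting apart.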
5 changes: 5 additions & 0 deletions variables.tf
Expand Up @@ -572,3 +572,8 @@ variable "cloud_monitoring_agent_tolerations" {
key : "node-role.kubernetes.io/master"
}]
}
variable "create_log_agent_trusted_profile" {
description = "Set to false to opt out of creating a trusted profile."
type = bool
default = true
}
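Review bot: The new `create_log_agent_trusted_profile` variable accepts `null`, and both places in main.tf use it as the left operand of `&&`, which fails to evaluate on a null value; add `nullable = false` to the block. The name also uses `log_agent` where the related inputs use the `logs_agent_` prefix (`logs_agent_enabled`, `logs_agent_iam_mode`), and as rendered there is no blank line between the closing `}` of `cloud_monitoring_agent_tolerations` and the new block.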